CVE-2020-24139 - OpenCVE

Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Wcms	Wcms

Configuration 1 [-]

cpe:2.3:a:wcms:wcms:0.3.2:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/secwx/research/blob/main/cve/CVE-2020-24139.md	Third Party Advisory
https://github.com/vedees/wcms/issues/8	Exploit Technical Description

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-04-07T15:03:05

Updated: 2021-04-13T13:18:16

Reserved: 2020-08-13T00:00:00

Link: CVE-2020-24139

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-04-07T16:15:13.103

Modified: 2021-04-13T17:24:07.843

Link: CVE-2020-24139

JSON object: View

Redhat Information

No data.

CWE

CWE-918

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-04-13T13:18:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/vedees/wcms/issues/8"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/secwx/research/blob/main/cve/CVE-2020-24139.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-24139", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/vedees/wcms/issues/8", "refsource": "MISC", "url": "https://github.com/vedees/wcms/issues/8"}, {"name": "https://github.com/secwx/research/blob/main/cve/CVE-2020-24139.md", "refsource": "MISC", "url": "https://github.com/secwx/research/blob/main/cve/CVE-2020-24139.md"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-24139", "datePublished": "2021-04-07T15:03:05", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2021-04-13T13:18:16", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wcms:wcms:0.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "95CE7D1E-E919-449E-88D4-F6A0FCADFAF0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services."}, {"lang": "es", "value": "Una Server-side request forgery en Wcms versi\u00f3n 0.3.2, permite a un atacante enviar peticiones dise\u00f1adas desde el servidor back-end de una aplicaci\u00f3n web vulnerable por medio del par\u00e1metro path en el archivo wex/cssjs.php. Puede ayudar a identificar puertos abiertos, hosts de redes locales y ejecutar comandos en servicios locales"}], "id": "CVE-2020-24139", "lastModified": "2021-04-13T17:24:07.843", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-07T16:15:13.103", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/secwx/research/blob/main/cve/CVE-2020-24139.md"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description"], "url": "https://github.com/vedees/wcms/issues/8"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}]}